AWS workspaces-core documentation change
Summary
Added ec2:DescribeTags and ec2:CreateTags permissions to service-linked role policy.
Security assessment
Adds resource tagging permissions for operational management. No evidence of addressing a security vulnerability. Tags support resource organization but don't inherently change security posture.
Diff
diff --git a/workspaces-core/latest/ag/using-service-linked-roles.md b/workspaces-core/latest/ag/using-service-linked-roles.md index 0454506c6..5eddd0eca 100644 --- a//workspaces-core/latest/ag/using-service-linked-roles.md +++ b//workspaces-core/latest/ag/using-service-linked-roles.md @@ -72 +72 @@ The role permissions policy named AWSServiceRolePolicyForWorkspacesInstances all - * For monitoring your resources: `ec2:DescribeInstances`, `ec2:DescribeInstanceStatus`, and `ec2:DescribeVolumes`. + * For monitoring your resources: `ec2:DescribeInstances`, `ec2:DescribeInstanceStatus`, `ec2:DescribeVolumes`, and `ec2:DescribeTags`. @@ -74 +74 @@ The role permissions policy named AWSServiceRolePolicyForWorkspacesInstances all - * For managing the ec2 instances which workspaces-instances.amazonaws.com operate: `ec2:TerminateInstances`, `ec2:DeleteVolume`, `ec2:StopInstances`, and `ec2:StartInstances`. + * For managing the ec2 instances which workspaces-instances.amazonaws.com operate: `ec2:TerminateInstances`, `ec2:DeleteVolume`, `ec2:StopInstances`, `ec2:StartInstances`, and `ec2:CreateTags`.